Penetration Test

Penetration testing, also known as ethical hacking, is where a team of expert hackers are authorised by you to try and get into your network. They may, in addition to hacking tools, use social engineering techniques from phishing to walking up to your receptionist to see if they can get an infected USB stick into one of your machines. This latter, more advanced, social exercise is something that may also be included in red teaming exercises.

Vulnerability-scanning products go out and check what known exploits exist in your network, and latest software versions and patches. This will only pick up known exploits, and reports have to be analysed and acted upon.

Penetration testing and vulnerability scanning are only as good as the point in time it was performed, how skilled the testers are, how much integrity they have and what you do with the information. From the moment a penetration test has been performed, things can change. If recommendations are made and they are not acted upon, the exercise is pointless.

Leave a Reply

Your email address will not be published. Required fields are marked *